AIX System Health Check Guide

Customer: VBARD

Version Number 1.0

Page 1 of 6
Table of Contents

I. Primarily Checking Steps ................................................................................................ 3

1. Physical Check............................................................................................................ 3
2. AIX users Check ......................................................................................................... 3
3. PATH variable Check ................................................................................................. 4
II. AIX System Health Check List...................................................................................... 5
III. Showing Basic AIX System Information ..................................................................... 6

Page 2 of 6
I. Primarily Checking Steps
1. Physical Check

• Review the network configuration to ensure that all network components are
physically secured. These include Switches, Routers and Modems (built-in in
DS8000 series Storage System).

• Determine who is responsible and what documentation is required for

configuration changes to the physical network.

• Ensure that only authorized personnel have physical access to the system console.

2. AIX users Check

After installing the AIX operating system, there are some pre-defined groups such as the
following:

system
staff
bin
adm
uucp
mail
security
cron
printq
audit
ecs
nobody
usr

Review the access control permission on the critical system directories and files. In
addition, review the access control permissions on the application’s directories and files.
For example:

# ls test_file

-rwxrwxrwx 1 vbard_staff system 0635 01/12 test_file

In this case, all the users have full rights to access to the file named test_file, although
this file is belong to the user named vbard_staff and the group system. Therefore we
should review the users or groups who have write authority into a directory or file.

Page 3 of 6
3. PATH variable Check

Ensure that root’s .profile file has a proper PATH variable with no ‘dot’ as the first entry
like:

PATH=.:/usr/lpp/mmfs/bin

This is to prevent unauthorized user from running malicious scripts at current directory.
The root’s .profile file is located at the root directory (/)

Page 4 of 6
II. AIX System Health Check List
Below is a list of commands and descriptions when performing an AIS system health
check.

AIX Commands Description

instfix –vi |grep AIX_ML Ensure all AIX_ML filesets are installed
lsvg –l rootvg |grep stale Check for ‘stale’ partitions in rootvg
df /var Check for full /var
df /tmp Check for full /tmp
sysdumpdev -l Check for proper system dump config
lsattr –El mem0 Ensure proper memory configuration
bindprocessor -q Check for offline processors
lsattr –El ent0 |grep Check for proper ‘admin’ network speed
media_speed
lppchk –v Verify installed filesets
lppchk –c Sum check installed filesets
lsps –a Verify paging space.
AIX servers rarely crash, but when they do, it's
usually because the paging space has filled up.
This shouldn't happen if you monitor this
frequently by running these commands daily and
making sure your systems have adequate paging
space.
vmstat –l Verify large page allocation
vmo -a Check all vmo settings
no -a Check all network options settings

When an AIX fix is needed, it can be obtained from this link:

http://www-933.ibm.com/eserver/support/fixes/fixcentral/main/pseries/aix

Page 5 of 6
III. Showing Basic AIX System Information
In this part, we will provide some AIX commands to provide information about the
current AIX system. Those commands can be used with other basic operating commands
as mentioned in previous AIX courses.

To see whether the system is using 32-bit kernel or 64-bit kernel, issue the command:

bootinfo –K

/unix is a symbolic link to the booted kernel. To see whether the system is running a
uniprocessor kernel or multiprocessor kernel, issue the command:

ls –l /unix

And see what file /unix links to.

The following are the three possible outputs from the ls -l /unix command and their
corresponding kernels:

/unix -> /usr/lib/boot/unix_up # 32 bit uniprocessor kernel

/unix -> /usr/lib/boot/unix_mp # 32 bit multiprocessor kernel

/unix -> /usr/lib/boot/unix_64 # 64 bit multiprocessor kernel

Besides, 64-bit hardware is required to run the 64-bit kernel. To know whether the
current System p servers (hardware) is 32-bit or 64-bit, issue the command:

bootinfo -y

Page 6 of 6